Topics

1

24.7 Production Series / ipv6 via dhcp6. How to get ipv6 on more than LAN interface <SOLVED>

« on: November 02, 2024, 11:50:23 am »

On my home network, I have requested a /56 from my ISP. It is easy to get ipv6 on the LAN interface via track interface, but how can I get ipv6 to the other two internal interfaces on the firewall?

Gunnar

2

24.7 Production Series / Widget for OpenVPN works on client side but not on server

« on: October 02, 2024, 01:00:33 pm »

As in Topic. OpenVPN widget gives correct data on the client Dashboard, but on the server side it says

OpenVPN Client Connections
Server SSL VPN mot Ornoweather
No clients connected

Small but annoying error

3

24.7 Production Series / A little detail in the dashboard view

« on: September 10, 2024, 07:00:42 pm »

With the old dashboard, looking at interfaces I could see both DHCP address for ipv4 and ipv6 on the WAN interface. With the new dashboard only the address for ipv4 is visible. I still get an dhcp6 ipv6 address though. So it is more cosmetics

4

24.1 Legacy Series / <SOLVED> How to change Client (ISC) DHCP static address

« on: May 08, 2024, 11:31:16 am »

By being clumsy, I assigned a static address to one of my devices, that is already assigned to another client. There is no "Edit" button for static IP addresses? So how do i proceed.

5

23.7 Legacy Series / speedtest from cli

« on: September 01, 2023, 01:03:02 pm »

Earlier I had speedtest-cli installed on my opnsense box. It seems to have disappeared. Is there som kind of  WAN speedtest tool in the plugins or some other way?

6

23.1 Legacy Series / NTP not able to use ipv6 peer

« on: July 17, 2023, 10:03:30 pm »

Hi!

I've very well working ipv6, and one of the peers provided by pool.ntp.org happens to be a ipv6 server. But it never reaches Active or Candidate peer.

Status from the firewall in attached file

It is not of very big importance to have ipv6 peers, just a bit fun if it works

7

23.1 Legacy Series / OpenVPN all config for client disappeared after latest upgrade

« on: July 04, 2023, 05:18:16 pm »

It's all in the subject. rebooting after upgrade and my VPN to the other OPNsense is blown away

8

22.7 Legacy Series / strange results with ipv6 not routed properly

« on: August 29, 2022, 04:17:25 pm »

I have a firewall with native ipv6 from my ISP. using dhcpv6 I get a /56

The clients gets addresses properly, but there is something weird with the routing If I ping googleI get
ping 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=60 time=2.80 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=60 time=2.87 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=3 ttl=60 time=3.01 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=4 ttl=60 time=3.13 ms

if I ping another ipv6 destination I get:

ping 2001:67c:d8:ed80::87
PING 2001:67c:d8:ed80::87(2001:67c:d8:ed80::87) 56 data bytes
^C
--- 2001:67c:d8:ed80::87 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 298ms

This is a legitimate ipv6 address

If I traceroute google I get:

traceroute6 2001:4860:4860::8888
traceroute to 2001:4860:4860::8888 (2001:4860:4860::8888), 30 hops max, 80 byte packets
 1  OPNsense.gflygt.se (2001:9b0:21d:XXXX:XXX:XXXX:fe51:6da9)  0.741 ms  0.494 ms  0.341 ms
 2  2a01:2b0:2000:152::2 (2a01:2b0:2000:152::2)  2.135 ms  2.157 ms  2.192 ms
 3  2a01:2b0:2000:152::5 (2a01:2b0:2000:152::5)  2.734 ms  2.591 ms  2.620 ms
 4  2001:4860:1:1::efc (2001:4860:1:1::efc)  2.963 ms  2.825 ms  2.791 ms
 5  2a00:1450:810a::1 (2a00:1450:810a::1)  3.888 ms 2a00:1450:80b2::1 (2a00:1450:80b2::1)  3.745 ms 2a00:1450:8112::1 (2a00:1450:8112::1)  2.604 ms
 6  dns.google (2001:4860:4860::8888)  2.680 ms 2001:4860:0:1::b7c (2001:4860:0:1::b7c)  3.972 ms  3.714 ms

If I traceroute the other address (mail-1.sr.se) I get:
traceroute6 2001:67c:d8:ed80::87
traceroute to 2001:67c:d8:ed80::87 (2001:67c:d8:ed80::87), 30 hops max, 80 byte packets
 1  OPNsense.gflygt.se (2001:9b0:21d:XXXX:XXX:XXXX:fe51:6da9)  0.695 ms  0.440 ms  0.542 ms
 2  OPNsense.gflygt.se (2001:9b0:21d:XXXX:XXX:XXXX:fe51:6da9)  0.401 ms !N  0.478 ms !N  0.349 ms !N

(I obfuscated my ipv6 address a little)
ie it stops at the LAN address on my firewall.

So traceroute to google works fine, but not the other ordinary host. I can reach both hosts on my other firewall where I have tunneled ipv6!

It was fully working a while ago. I don't remember from which version of OPNsense it stopped working

Gunnar

9

22.7 Legacy Series / Clients get ipv6 addresses but don't reach Internet

« on: August 10, 2022, 06:26:38 pm »

I just upgraded to 22.7.1 on my firewall with native ipv6 enabled. And the clients on the Lan doesn't get ipv6 addresses.

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.61  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::144c:494d:4836:2c33  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:37:6f:4c  txqueuelen 1000  (Ethernet)
        RX packets 3466  bytes 729753 (712.6 KiB)
        RX errors 1  dropped 1  overruns 0  frame 0
        TX packets 3075  bytes 1900898 (1.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Nothing changed in the config.

It looks fine in the Dashboard. LAN gets the address it should.
 
UPDATE: I get address (it took some time but it appeared) for my tested client, but I can't ping hosts on the Internet.

I can ping the LAN interface on the router, but not further. And a traceroute6 to an external host gives only the LAN interface.

10

22.1 Legacy Series / latest update not working properly

« on: June 12, 2022, 08:51:10 am »

***GOT REQUEST TO UPDATE***
Currently running OPNsense 22.1.8 (amd64/OpenSSL) at Sun Jun 12 08:49:19 CEST 2022
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (1 candidates): . done
Processing candidates (1 candidates): . done
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
   opnsense: 22.1.8 -> 22.1.8_1

Number of packages to be upgraded: 1

4 MiB to be downloaded.
[1/1] Fetching opnsense-22.1.8_1.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/1] Upgrading opnsense from 22.1.8 to 22.1.8_1...
[1/1] Extracting opnsense-22.1.8_1: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh'
Writing firmware setting...done.
Writing trust files...done.
Configuring login behaviour...done.
Configuring system logging...done.
=====
Message from opnsense-22.1.8_1:

--
Owl be watching you
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0

>>> Missing package dependencies were detected.
>>> Found 2 issue(s) in the package database.

pkg-static: No packages available to install matching 'python37' have been found in the repositories
pkg-static: No packages available to install matching 'py37-setuptools' have been found in the repositories
>>> Summary of actions performed:

python37 dependency failed to be fixed
py37-setuptools dependency failed to be fixed

>>> There are still missing dependencies.
>>> Try fixing them manually.

>>> Also make sure to check 'pkg updating' for known issues.
The following package files will be deleted:
   /var/cache/pkg/opnsense-22.1.8_1~cb594b0a31.pkg
   /var/cache/pkg/opnsense-22.1.8_1.pkg
The cleanup will free 4 MiB
Deleting files: .. done
All done
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

11

22.1 Legacy Series / Running native ipv6 but I get no ipv6 default route

« on: April 13, 2022, 04:52:20 pm »

My ISP provides me with a /56 range of ipv6. My clients gets ipv6 addresses, but dhcpv6 doesn't provide a default route. It did work a while ago. I haven´t changed my config, so what can be wrong.

12

22.1 Legacy Series / Is there any way I could script an ip adress change for a remote system?(SOLVED)

« on: April 09, 2022, 08:01:01 am »

I have a problem with my ISP. I can't get a permanent ipv4 address for my main firewall access point. This means that if I reboot after an upgrade, I may sit there with a new public ip address, which means that my both sites won't be able to set up the VPN I have between the sites.

My thought then would be a cron script (on the remote firewall) checking (once a day) the public ip address on the main site (yes it's reachable via DNS), retrieve the new address and then change the ip-address in the client VPN setup, and reload the VPN system (OpenVPN used)

Is this possible (yes of course  but how?)

13

22.1 Legacy Series / native ipv6 stopped working since upgrade to 22.x

« on: February 21, 2022, 07:10:42 am »

The Subject says it all. I've had native ipv6 running for 2 years now. From upgrade to ver 22 DHCPv6 Server does not start. My configuration is untouched.

14

21.7 Legacy Series / OpenVPN stopped working after latest upgrade (SOLVED)

« on: September 13, 2021, 12:54:27 pm »

All in the Subject. Upgraded from 21.7.1 to 21.7.2 And Open VPN starts the service in both ends, and says the service is running, but no traffic can be established between the end points.

Nothing else has been changed, just the upgrade. I also made the latest upgrade to 21.7.2_1 on both nodes. Result the same

15

21.7 Legacy Series / loosing default ipv6 route after update to 21.7

« on: September 12, 2021, 11:10:42 am »

All of a sudden the default route is lost after a while, since the upgrade to 21.7.

If I set the route manually it is there a few days, then suddenly lost again. I have ipv6 tunnel
 via Hurricane Electric.